package com.hyy.backend.common;

import com.hyy.backend.entity.UserInfo;
import com.hyy.backend.entity.UserType;
import org.springframework.web.servlet.HandlerInterceptor;

// 替换为Jakarta EE包名
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

public class AdminInterceptor implements HandlerInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        HttpSession session = request.getSession();
        UserInfo user = (UserInfo) session.getAttribute("user");

        // 检查用户是否登录且是管理员
        if (user == null || user.getRole() != UserType.Admin) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            response.getWriter().write("需要管理员权限");
            return false;
        }
        return true;
    }
}